osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[users@httpd] use cookie value as auth username


Hello,

  I'm trying to use an authz_dbd query to authorize based on the value
of a cookie (ie. if PHPSESSID cookie is set, a db query can test if it
should be authorized).  It seems the only parameter AUTHzDBDQuery will
supply to the sql query is the username in place of %s; this could work
if I could set what REMOTE_USER should be prior to the query running,
but I haven't found a way to do so.  Eg. here the username for the
query is from the auth provider (anon), the SetEnv doesn't the query:

<Directory "/whatever/">
  AuthName "Name"
  AuthType Basic
  AuthBasicProvider anon

  Anonymous_NoUserID on
  Anonymous_MustGiveEmail off
  Anonymous anonymous "*"

  SetEnvIf Cookie "PHPSESSID=([^ ]+)" REMOTE_USER=$1

  Require dbd-group foo

  # this will work, for any username entered in the browser:
  #AuthzDBDQuery "SELECT 'foo' FROM sys_session"

  # this does not work to obtain %s from PHPSESSID:
  AuthzDBDQuery "SELECT 'foo' FROM sys_session WHERE session_id = %s"

</Directory>

  I'm pretty sure I must convince apache to set a new REMOTE_USER (or
httpd_username?) internal variable, not an environment variable, but I
don't see how.  If I don't specify any AuthType, or set it to None, the
AuthzDBDQuery never runs and the error.log says it requires
authentication but authentication is not set up.  Any ideas are
appreciated - thanks!

  I'm running 2.4.25-3+deb9u5 from debian stretch.

Thanks,
Jesse Norell 

-- 
Jesse Norell
Kentec Communications, Inc.
970-522-8107  -  www.kci.net


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx